A reasonable response to my question. The original poster I don't believe thought out their statements. They just knew in their head that the old way was better without being able to rationalize it.
With that said I'll argue that the Internet presents you with a much wider array of information and increases your ability to narrow your focus since broad searches are unlikely to return anything specific that you're looking for. I would definitely say the scope of research materials is much wider on the Internet. You have forums, blogs, regular encyclopedias, news articles, youtube and various other forms of media all in one place. If you have to narrow your research I would tend to think it would be more difficult using hardcopy since you have but a few source materials to choose from at any given libary. There may not be enough information at hand or the information may be too general for your purposes.
I would say outright that the Internet offers all of the same skills and takes them to the next level as they are updated in real-time and connects you to individuals which may or may not be an expert in the field you are researching. Validation and cross referencing is even more important on the Internet. I think the only problem is the information overload that can and does happen when someone sees too much information on a topic of interest. It makes it harder to get into a topic if you have all the information in front of you at once but that speaks more to the ability of the person to break up the topics into smaller groupings and allows them to go into complex situations without getting flustered. I see it as nothing but a good thing with inherent dangerous that don't even come close to outweighing the gains.
Although I won't disagree with you outright I've never seen this happen. Many of my friends and myself included have told our employers that we are moving on or moving away and we'll give them two weeks to find someone to replace us. We'll even help train them. Of course I've always been on good terms with my employers so that probably helps. A company gains nothing by casting out their IT staff before they can find a suitable replacement. In larger corporations this might be less of an issue but there are still projects you are working on that would come to a grinding halt if you leave and in that case they lose out by not continuing to employ you for the time frame.
A friend of mine just recently quit working here. She moved to the east coast but she gave us a whole month notice and we kept her to the last day because experienced employees are hard to come by even if their skills aren't necessarily unique.
It's worth stating that I do think Apple is gaining a little momentum but I don't forsee a day anywhere in this decade at least where Apple will even scratch Dell sales let alone become the dominant force of the industry. I do find it fascinating that Apple receives so much attention considering it's market share. Seems like everyone wants them to succeed and is constantly looking for evidence that they are winning. I suppose I shouldn't say everyone but I don't see any large corporations shifting their workstations to an Apple or even the majority of small businesses.
I'll add that I am shocked that Apple sells almost as many notebooks as it does desktops. Still, only a drop in the bucket compared to what Dell sells. The reality is that the two really don't compete.
Considering this I don't know where you got your figures from. Desktop sales for Apple are declining although their notebook sales are improving quickly but they are still only 12% of the market for laptops. Still, 3% rough marketshare for their desktops now? They've improved by 1% of the last 4 years. Probably best to take that information with a grain of salt or two.
We're talking 6th to 8th grade teachers here. My mother was an 8th grade math teacher although the school district wanted her to also teach science despite being unqualified. She opted to teach math at 5th grade level instead because she wants to put her knowledge to the best use she can. I have seen a teacher with a TA maybe twice in my life and in those circumstances that person was actually helping the teacher. Taking a kid aside to give them extra assistance with a given math problem for instance while the real teacher taught the rest of the class.
You're right about role models though, that is a really difficult concept for both teachers and parents to battle but when parents care about their kids education the teacher tend to fall in line or move to another district. I'm from Vermont and we have some truly great public schools because not only do the teachers care about their students, the vast majority of the parents are also involved in the education process and re-enforce what the teacher is teaching at home. This is how schooling should be and how most private schools operate. The problem is trying to force the parents to be good parents is impossible, unconstitutional, and just plain not the business of the government so the problems exist in communities which aren't as small as those found in Vermont or Oregon off the top of my head. I've found the two starts have largely the same level of public education and about the same level of success at it.
Our president's grades are of no relevance as they speak nothing of intelligence. An average student in high school can be quite smart just applying themselves elsewhere. For instance when I was in high school not even that long ago I was taking classes at UVM and working as a network contractor for several hotels and one school district. I started early because a network administrator took it upon herself to feed my interest. She taught me all the basics, the rest I learned building public Internet access for hotels.
To sum up what I'm trying to say here, I agree with most everything you've said but from my anecdotal experience the system isn't inherently flawed and I don't share the same cynical view that schools are designed to make me a factory worker. If that were true I wouldn't have started my own business while still in school. I'm not saying you were saying such things only that others on here are saying it and doesn't please me to see the hard work of so many good teachers not getting recognition as they should. It took my mother almost 30 years to start making a decent income so I'm still curious why others seem to think schools of too much money. I suppose you have to do away with all the red tape that has been put in place over the years. Repeal No Child Left Behind but unfunded and get back to firing teachers who obviously aren't doing their jobs which can be done by the principle doing his or her job of survising the teachers. Of course something needs to be done to get more parents involved in their child's education. I don't have the answer for that but I know that it shouldn't be a law nor some government mandate.
I'm sorry but why is reading a magazine inherently better for your intellectual development than reading the same magazine online? What about reading the same encyclopedia? In other words, it sounds to me like you grew up having to look through reference materials because there was no good way to search all of it so you want your kids to do it as well. I say, why? Why waste time looking through encyclopedias on paper when you can simultaneously search every encyclopedia, news article, and sound bite that is relevent to your topic of research? I completely agree good research skills need to be taught. People should always cross reference material and cite works but all of this can be done with materials online. So again I ask, why do you get more out of paper than you do from Google?
I agree, I tend to think everyone has gotten too sensitive over the issue. I work with a lot of women some attractive some not. We all go out drinking together during our free time because the job eats up so much of our social lives. As a result we're a really strong team willing to do what it takes to help out where we can. We are drastically undestaffed so this is a very good thing when midnight starts rolling around and you haven't even eaten breakfast yet.
I will admit however that it is sometimes a little weird when I go to lunch and realized I'm the only guy in a group of 8 people. Funny how conversations change when it's mostly girls at a table. I'm also the only geek of the group but hey, we can all still have a good time and that's what matters. I think in general this fear of asking a girl out is just stupid and the odds are everyone was just afraid to talk to the hot girl. It's quite common and I see it all the time. There's also the bonus that hot girls tend to hang out with other hot girls so inviting them out for a casual drink with several others is a great idea. She'll probably introduce you to some of her friends later on and that is where excellence becomes well... excellent!
I think the line that needs to remain drawn is that you shouldn't date a coworker as that opens up a whole lot of problems if things go south. Still, I don't think it's near as complicated as a lot of people make it out to be.
Wow, my bad, I reread the bottom half of my post and completely missed the crap right at the beginning.
Supposed to read like: The company I currently work for used to use Frontpage to publish and maintain their website.
Since then the site became database driven and standards oriented so we don't use Frontpage anymore but Frontpage 2002 had no issues with running as a least privileged user.
I thought I currently worked for used to use Frontpage to build their website. We've grown leaps and bounds since then so we've moved but no one had any issues with Frontpage. Maybe old version like Frontpage 97? Not sure if that one would have the support that would be required.
As for games, what do they do that requires administrative access? Doom3 and Need for Speed Most Wanted Black Edition were the last two games I played and both were with limited accounts. Sd4hide was needed for NFS but Doom 3 worked just fine out of the box minus the generally craptacular performance the game offers anyways. Games usually keep their configurations in userspace. Generally it's only applications that will require administrative access or in some cases the case just has to be a member of remote-debuggers for instance which an installer could easily provide. You don't have to be logged is as an admin to install software plain and simple.
With that said I will stay everyone in this company runs as a non-privileged user and all works just fine. Same went with my the university I attended and my high school before that and my middle school before that. Granted, the middle school used Fortres Grand but hey, those were the good ole days. I will say that at one point at my current job we had an in-house application which did require Administrative privilegs to run because it was always making changes to the registry for random reasons along with access Windows system files that it didn't even need. We rebuilt the app and it is now web-based so the issue is completely gone and the users of it are now safely behind non-privileged accounts.
As for Vista, yes, earlier builds of Vista prompted you a hell of a lot more than Beta 2 did, and newer builds prompt you even less than that so yes, Microsoft is heading in the right direction with it.
As for Bungie I think you dramatically overestimate the reach of Microsoft. If Microsoft really bought them out and merged them into the company why would it still be called Bungie? Where else has Microsoft done this? They bought Virtual PC and now it is Microsoft Virtual PC not Connectix Virtual PC. Solomon? Navision? Both are now Microsoft products branded with Microsoft using Microsoft philosophy. Besides the whois registry for bungie.net you would have a hard time determining Microsoft is even involved with them. You don't see any Microsoft logos on their sight although you do see passport integration but that doesn't mean it's run by Microsoft. Sorry, but Bungie is owned by Microsoft, it is not run by Microsoft. Show evidence to the contrary and I will change my stance however, I could be completely wrong but I look at the evidence that I can see. Of course this doesn't mean that Microsoft couldn't influence the behaviors of Bungie but I imagine they are busy working on other things such as SQL 2005 and Exchange 2007. Neither of which are small projects. There is no question that Microsoft could utilize their resources much better than they do but they are a rather large company now and that is the natural way of things. IBM is exactly the same way.
You're right that Microsoft should be taking much more dramatic steps, the only problem is that people scream and yell whenever they make changes that break backwards compatibility. They are a victim of their own success. Part of the reason WinFS was removed from the mix is because software developers would have to fundimentally change how they create and install their product. Basically Microsoft needs to relearn how to take risks as that is what got them where they are in the first place.
I'll add one more question, what macro doesn't run as a limited user? I haven't found any although that doesn't mean they don't exist. Odds are a single group policy change to the whole domain would have fixed it for everybody or only a small group if you security is major concern.
I countered that Office runs just fine for users that are using regular functions such as grammer checking and most macros that perform functions work as designed. A non-admin shouldn't be allowed to perform admin functions and so macros that exist obviously they will break but this is expected and it is a rare occasion. In the 8 or 9 years I've been an admin I've never once seen someone running Office that needed admin access. Frontpage crashing? I totally ignored that because it's absurd in an of itself. Frontpage runs just fine, if it didn't it wouldn't crash it would give you an access denied message for whatever it is trying to do.
As for Bungie and the likes, they are owned by Microsoft, they are not however Microsoft. If that were the case you would see Bungie.net changing to Microsoft.com much like what happened when they bought Navision. Navision has been extended to include Microsoft philosophy because it's developers are now Microsoft employees. Go to the jobs section of Bungie.net and you'll see clearly that you're working for Bungie and not Microsoft.
As for the XP install you're right, the first user created is an Admin, in Vista this is not the case as thousands of people have already discovered from their downloading of a freely available OS.
Modularity is a side issue so I haven't bothered to go into depth about it. The average user would not do this but the average OEM would have an interest in it and the options exist for them to do it on a large scale so I fail to see the problem.
User conditioning is a problem, the second legitimate one you've raised. That is a major problem with Vista right now but it does get better and better with each released build so there is at least hope for it.
Running with limited privileges does indeed limit what malware can do. If the user isn't authorized to install software or drivers then the software the user loads from a website won't be able to install. It's plain and simple. This is why the machines I build for others always have them running as a limited user. Most games don't even require administrative privileges to run. Just the copyprotection stuff that sometimes goes out of bounds. This is mitigated with tricks like sd4hide but that's another discussion and is simply caused by third parties once again.
so yes, as a limited user the person could run a batch file that deletes all there personal files but anything more complex is unlikely to work. How many website exploits come with privilege escalation? You said yourself all the developers target machines with users running as admins. It is not a full solution to the problem but it is definitely a step in the proper direction.
First of all, I have installed XP and yes, it does indeed give me the option to create up to six users when I install. That is completely irrelevent however since the vast vast majority of Windows users will not be installing it and will have an OEM install it in which case it is exceedingly easy to create an unattended install script that creates a local least privilege user. I did exactly this for my entire family. I created an Install user which they use when they want to install software. Otherwise they go into their perspective accounts and do whatever they please. Exactly what Microsoft software doesn't run as a normal user? The registry is indeed shared but that in and of itself is not a problem since ACLs are built into it. That is why most software requires admin access because the installer put registry keys in a portion of the registry that a regular user would not have access to. There are other parts of the registry which the user would have access to so this is completely unnecessary.
You don't need to carefully pick your software you can change the permissions created or better yet, just install with runas instead of logging in as another user and then permissions will be setup correctly for that user. Of course that is assuming it is a sane installer which is a bad assumption. As I said, this is not an inherent design flaw, companies don't have to use the registry at all, there are plenty of locations the a limited user could save to without causing harm to the OS. It's simply unnecessary.
I will agree however that local tasks talking to network services but this has already been addressed in Vista. As for Windows being modular, you actually can pull IE and Windows Media player out, you actually can replace the tcp/ip stacks. Most any function you can rip out and replace with something else. This is often how XP Embedded people work but its not impossible or even that difficult with RIS and XP Pro or Windows 2003. I'm not sure yet how Vista is in this regard as I haven't tried to pull it pieces out yet.
As for bug fixes from my own personal experience creating simple web forms I can say that all bugs that are reported are not created equal. There are definitely oversights which have occurred but MS does indeed fix a good number of local and remote privilege escalation bugs. My WSUS server shows me new ones every now and again when I go through and do my patch testing. I think we should indeed be critical of their performance since so much of the world relies on it but I also think we need to recognize when progress has been made. Vista will not be perfect, it won't even be near it but will it do more harm than good? Judging from XP I'd bet it'll do more good than harm.
As for Microsoft marketing I think you are way off base with what users both home and business are looking for. Security is indeed a concern but it is by no means at the top of the least. Manageability, performance, ease of use all are higher on the priority list for the vast majority of people out there. Yeah, they don't want to get bogged down by spyware but they don't see it as security, they don't care how or what, much like the pop-up blocker solutions many have tried. It doesn't get rid of the spyware it only stops it from popping up in your face.
The XP w/SP2 firewall does however include ACL for program access to the Internet so you can stop anything you like. Java.exe popped up on my machine for instance when I installed Azureus. By default it didn't have access to the Internet so it prompted me for a decision. It's a step in the right direction although still obviously lacking a LaunchD type mechanism. It's XP however, so I don't really expect an OS that came out years ago to include features we're seeing released from Apple now. The real problem is that when Microsoft releases an OS it's almost always a feature and driver freeze so you get companies like Apple introducing new stuff into their current OS all the time and it obviously doesn't make Windows look very friendly. If Microsoft did what Apple/Linux Distro of your choice did and included the latest drivers with up to date releases of the OS there would probably be far viewer problems with installs and much more secure systems as a result of having been properly patched.
How on earth can it be that people running as Administrator all the time is the fault of MS? MS hasn't required it for almost a decade since the launch of NT4. Hell, I do believe even earlier iterations of NT still had the runas option. Users running as Administrators is simply not the fault of MS as evidenced my the thousands of people in corporate offices that run their computers without admin access all the time. If 3rd parties created better installers which didn't put information where it doesn't belong then the issue would be long gone. It is not in any way shape or form a design problem.
The basic services by default is a valid gripe but I haven't heard of many privilege escalation bugs in Windows that wasn't the result of a service being given more access than it needs. I'll add that the service caused the problem not any inherent design issues with Windows.
As for smalls tools being implemented in OS X I think you missed my point. It's not only the number of services but the fact that the underlying services being employed are not new, are time tested, and open many are open source. As a result the tools the OS is relying on are much safer. This is the approach I was saying makes a very real difference. Windows is actually fairly modular as well but the services that are employed are new and not publically reviewed.
As for LaunchD, I already said it's an intriguing idea and I'll add that it is a step in the right direction.
I do not think that being BSD based makes OS X inherently secure however since the OS is only as secure as the services that run on it. Think iTunes remote code vulernabilities. There have been a few of them. Microsoft also does fix bugs, with all the patches out its complete absurdity to state otherwise. Yes there are still a lot of unfixed bugs and yes they need to step up this process but they aren't just sitting around doing nothing.
They only need your name on an IM network. Then they can set traps for you. They don't need to identity you right away. Just pretend they are kid and wait for the creep to pounce on you. From there you can show him some pictures on your website which will of course capture the IP address of his machine at the time. Being still in the conversation that leaves ample time to get personal information from the ISP of the predator in question.
At first I thought this was a terrible idea because of possible abuse but then I realized that you're not allow to waste police time and resources so hitting the abuse button is something you only do when you're sure. The problem is defining when you're sure and when you're wasting time of law enforcement.
The biggest problem with this whole issue is that there are hypocrites on both sides. Much like the Isreali rest of the middle east bullshit. When both sides do wrong it becomes hard to hammer out the issue at hand.
This is a remarkable advancement, personally I see nothing wrong with harvesting stem cells from fetuses that are going to be discarded anyways but this does allow them to collect stem cells on a much larger scale since any pregnant woman could potentially donate. That could help on a massive scale and I wonder if having a larger sample will reveal a lot more information about how stem cells work. Controlling the growth rate is quite difficult as I understand a lot of stem cells have a nasty habit of turning cancerous. It's always hard being on the edge of something which could potentially have a greater impact on modern medicine than penicillin. There are also a lot of cultural ramifications that need to be worked out.
One thing is certain, cheers to these guys for this advancement. This is one advancement that does satisfy both sides without either one of them having comprimise. I only wish office politics worked out so well.
BTW, thank you for pointing out this distinction, it was the first thing that struck me about it. It seems like everyone is saying Windows is insecure because processes always run as Local Service or whatnot when the reality is that they can run as whatever user the installer would like. Seems like they are talking about third parties being the weakness.
Both platforms are subject to local privilege escalation. LaunchD does sound intriguing and I'll also add the bit about open source documentation. For the big projects like Apache yes, it is very well documented but for many of the smaller more recents apps the documentation is so poor a lot of people cry to Microsoft for a solution. One thing is for certain, the OS world as a whole has come a long way from the early days when security wasn't near a priority because few people were on the Internet.
I think the biggest component which serves to assist OS X with security is the fact that is is pluggable, features can be removed and added at will. This is the part that Unix brought to the table for Apple and this is the strength. Keep things modular and its all good.
You're right though, there is no free lunch and certainly no free energy. Let's not rule out that there are other ways to convert energy into electricity that we haven't discovered yet. I don't think these guys have done it but I'd still like someone of more science background than I to evaluate on its technical merits.
I think the big issue is their wording for "Free Energy" which pretty much totally discredits their findings but the possibility exists that someone that isn't very educated may have found something new totally on accident. This does happen and just because they can't describe it properly doesn't mean that it didn't happen. All the more reason for others to review the data and reproduce the results.
I suppose that makes sense, it's just frustrating having to make a web service that writes to two different databases or investing in a 3rd party solution to get the job done. Of course the whole thing could be done with a DTS but the SQL server that is my end-point is on the Internet and as a rule it has no access to anything at the local office. DTS would change that.
This was my major gripe with SBS as well until I saw the transition pack which let's you remove the restrictions put in place on SBS and built our your infrastructure allowing you to move Exchange to another box and enabling domain trusts. I think the single most annoying problem I have with SBS is the fact you can't have domain trusts. It's just really frustrating. At least MS gives you the option though even if the price tag is a little up there but when you're ready to build out your infracture the 3grand for the transition pack isn't so bad considering what you get. My only issue with it now is that it only comes with SQL Standard edition so there is no Oracle replication options. I don't know why Oracle replication suddenly qualifies a software for enterprise class. It's really annoying and potentially very expensive if you don't know what you're getting into. Course most people that buy SBS probably won't run into the issues I've had with it.
Good point although I tend to think the issue would cause less problems if political parties were prohibited by law. Funding could be federal ensuring that anyone with enough signatures could receive the same level of funding as anyone else running for office. There would be a set amount of money for the express purpose of campaigning and that money would be equally distributed to the citizens running for office. It would make for a much more honest government I would think.
I am glad that there are others on here that care about the constitution. It's kind of scary how many people either have a complete misunderstanding as to what the constitution is and the others that are completely apathetic about the expansion of powers. If Bush wants to do warrantless wiretaps then he can put forth a constitution ammendment and it will be voted on.
Very well phrased since the constitution grants rights to the government not to the people. By default the people have every right to do as they please as long as it does not violete the freedom of another person. I'm tired of people using the nothing to hide no problem logic. These same people could potentially have a drug problem exposed to the public with such policies in place. I agree with you, if the government can't tell you why the need the information then they have no business collecting it. The mechanisms should definitely be in place to gather the information but this shouldn't have without a warrant. If a judge grants it after the fact that's even fine since I recognize sometimes time constraints are the biggest concern. If the judge doesn't grant the warrant then the data should be destroyed however.
Coincentally a policy like that would reduce the increased demand on storage for the government lowing their operating costs. Seems like a good deal to me, maybe another tax cut in the future! Yeah right, oh well
Thank you for pointing that out but beyond that the constitution doesn't say what the government can't do. It says what the government can do. This warrantless wiretapping is not in there so it shouldn't be done as it is against the constitution. This concept seems to be lost on most people. I'm with Mr Franklin and his statement about those who give up liberty for security deserve neither. Many people have died to protect the rights we've established and I'm completely amazed how much they are slipping so fast. Fortunately the checks and balances are still there so the damage is reversable.
First redirection combined with Shadow Copies for the low end and DPM for the high end are great in this environment with automatic versioning on the cheap. DPM is a very efficient use of the storage space. I thought about something like WinInstall initially but then I got a massive increase in funding to expand another 10tb to the SAN along with enough software to make the whole deal work seamlessly. I'm only about half way through my implementation but it's looking great. I love the new DFS with R2. It takes a page from the rsync playbook only transferring what has changed inside of a given file. Provides for a marked improvement in performance.
You're right about vbscripts though. About 6 years ago I wrote a vbscript that would talk to a database to grab configurations and write to the registry. Was pretty slick and worked with mandatory profiles. Not really needed anymore but it was a fun project.
This is not a bad approach at all, it's a more generic approach since it could work with Windows just as easily as it would with Linux. Of course the assumption is still that you would use a Linux host OS but I don't see a problem with that since the odds are no users would ever be using the host OS.
Unfortunately I lack the experience to create network load balancing on linux file servers although I imagine that's a trip to LDP or Experts-Exchange away. Just seems like distribution and scaling is just plain easier with Windows. Doesn't really matter, can be done with either platform with technologies that have already been in place for a while so there's very little guess work.
4GB images over a gigabit link wouldn't take that long to transfer. The obvious bottleneck is network connection for the servers. This is mitigated with 10gigabit links on the servers but now the price of the setup is getting more and more expensive. Still not unreasonable though since you can get 10gigabit modules for all the modular HP procurve switches out there for less than you probably think. I know it shocked me but I went all HP because Ciscos are needlessly expensive and don't provide me any additional features I think are worthwhile expecially considering how much Cisco charges for 10gigabit links.
20+ people simultaneously pulling 4 gigs is a large draw, that's a given. With DFS and NLB the load could be distributed quite easily however.
In regards to the HAL issue Windows isn't as bad as a lot of people think. The issue is with the boot device and it has the same vulernability as Linux. Both will default to the first disk with an MBR so I think for the most part it's not a huge problem. Since we're talking about a corporate setting activation doesn't apply so that wouldn't be an issue either.
Of course the solution that others has suggested works too, stagger the boot up process. If power requirements aren't a huge limitation then machines only need to be reboot when updates occur to the VM. At worst this would be once a week so you could do different groups of machines on different days. That would ease the distribution load. I don't know how large a setting this is but other posters also mentioned storing the images locally and pushing updates as necessary. That would also solve the bandwidth problem.
Slashdot Mirror
A reasonable response to my question. The original poster I don't believe thought out their statements. They just knew in their head that the old way was better without being able to rationalize it.
With that said I'll argue that the Internet presents you with a much wider array of information and increases your ability to narrow your focus since broad searches are unlikely to return anything specific that you're looking for. I would definitely say the scope of research materials is much wider on the Internet. You have forums, blogs, regular encyclopedias, news articles, youtube and various other forms of media all in one place. If you have to narrow your research I would tend to think it would be more difficult using hardcopy since you have but a few source materials to choose from at any given libary. There may not be enough information at hand or the information may be too general for your purposes.
I would say outright that the Internet offers all of the same skills and takes them to the next level as they are updated in real-time and connects you to individuals which may or may not be an expert in the field you are researching. Validation and cross referencing is even more important on the Internet. I think the only problem is the information overload that can and does happen when someone sees too much information on a topic of interest. It makes it harder to get into a topic if you have all the information in front of you at once but that speaks more to the ability of the person to break up the topics into smaller groupings and allows them to go into complex situations without getting flustered. I see it as nothing but a good thing with inherent dangerous that don't even come close to outweighing the gains.
Although I won't disagree with you outright I've never seen this happen. Many of my friends and myself included have told our employers that we are moving on or moving away and we'll give them two weeks to find someone to replace us. We'll even help train them. Of course I've always been on good terms with my employers so that probably helps. A company gains nothing by casting out their IT staff before they can find a suitable replacement. In larger corporations this might be less of an issue but there are still projects you are working on that would come to a grinding halt if you leave and in that case they lose out by not continuing to employ you for the time frame.
A friend of mine just recently quit working here. She moved to the east coast but she gave us a whole month notice and we kept her to the last day because experienced employees are hard to come by even if their skills aren't necessarily unique.
Fair enough analysis of the article.
It's worth stating that I do think Apple is gaining a little momentum but I don't forsee a day anywhere in this decade at least where Apple will even scratch Dell sales let alone become the dominant force of the industry. I do find it fascinating that Apple receives so much attention considering it's market share. Seems like everyone wants them to succeed and is constantly looking for evidence that they are winning. I suppose I shouldn't say everyone but I don't see any large corporations shifting their workstations to an Apple or even the majority of small businesses.
I'll add that I am shocked that Apple sells almost as many notebooks as it does desktops. Still, only a drop in the bucket compared to what Dell sells. The reality is that the two really don't compete.
This is true although two weeks is typically considered common curtesy here in the U.S.
Considering this I don't know where you got your figures from. Desktop sales for Apple are declining although their notebook sales are improving quickly but they are still only 12% of the market for laptops. Still, 3% rough marketshare for their desktops now? They've improved by 1% of the last 4 years. Probably best to take that information with a grain of salt or two.
We're talking 6th to 8th grade teachers here. My mother was an 8th grade math teacher although the school district wanted her to also teach science despite being unqualified. She opted to teach math at 5th grade level instead because she wants to put her knowledge to the best use she can. I have seen a teacher with a TA maybe twice in my life and in those circumstances that person was actually helping the teacher. Taking a kid aside to give them extra assistance with a given math problem for instance while the real teacher taught the rest of the class.
You're right about role models though, that is a really difficult concept for both teachers and parents to battle but when parents care about their kids education the teacher tend to fall in line or move to another district. I'm from Vermont and we have some truly great public schools because not only do the teachers care about their students, the vast majority of the parents are also involved in the education process and re-enforce what the teacher is teaching at home. This is how schooling should be and how most private schools operate. The problem is trying to force the parents to be good parents is impossible, unconstitutional, and just plain not the business of the government so the problems exist in communities which aren't as small as those found in Vermont or Oregon off the top of my head. I've found the two starts have largely the same level of public education and about the same level of success at it.
Our president's grades are of no relevance as they speak nothing of intelligence. An average student in high school can be quite smart just applying themselves elsewhere. For instance when I was in high school not even that long ago I was taking classes at UVM and working as a network contractor for several hotels and one school district. I started early because a network administrator took it upon herself to feed my interest. She taught me all the basics, the rest I learned building public Internet access for hotels.
To sum up what I'm trying to say here, I agree with most everything you've said but from my anecdotal experience the system isn't inherently flawed and I don't share the same cynical view that schools are designed to make me a factory worker. If that were true I wouldn't have started my own business while still in school. I'm not saying you were saying such things only that others on here are saying it and doesn't please me to see the hard work of so many good teachers not getting recognition as they should. It took my mother almost 30 years to start making a decent income so I'm still curious why others seem to think schools of too much money. I suppose you have to do away with all the red tape that has been put in place over the years. Repeal No Child Left Behind but unfunded and get back to firing teachers who obviously aren't doing their jobs which can be done by the principle doing his or her job of survising the teachers. Of course something needs to be done to get more parents involved in their child's education. I don't have the answer for that but I know that it shouldn't be a law nor some government mandate.
I'm sorry but why is reading a magazine inherently better for your intellectual development than reading the same magazine online? What about reading the same encyclopedia? In other words, it sounds to me like you grew up having to look through reference materials because there was no good way to search all of it so you want your kids to do it as well. I say, why? Why waste time looking through encyclopedias on paper when you can simultaneously search every encyclopedia, news article, and sound bite that is relevent to your topic of research? I completely agree good research skills need to be taught. People should always cross reference material and cite works but all of this can be done with materials online. So again I ask, why do you get more out of paper than you do from Google?
I agree, I tend to think everyone has gotten too sensitive over the issue. I work with a lot of women some attractive some not. We all go out drinking together during our free time because the job eats up so much of our social lives. As a result we're a really strong team willing to do what it takes to help out where we can. We are drastically undestaffed so this is a very good thing when midnight starts rolling around and you haven't even eaten breakfast yet.
I will admit however that it is sometimes a little weird when I go to lunch and realized I'm the only guy in a group of 8 people. Funny how conversations change when it's mostly girls at a table. I'm also the only geek of the group but hey, we can all still have a good time and that's what matters. I think in general this fear of asking a girl out is just stupid and the odds are everyone was just afraid to talk to the hot girl. It's quite common and I see it all the time. There's also the bonus that hot girls tend to hang out with other hot girls so inviting them out for a casual drink with several others is a great idea. She'll probably introduce you to some of her friends later on and that is where excellence becomes well... excellent!
I think the line that needs to remain drawn is that you shouldn't date a coworker as that opens up a whole lot of problems if things go south. Still, I don't think it's near as complicated as a lot of people make it out to be.
Wow, my bad, I reread the bottom half of my post and completely missed the crap right at the beginning.
Supposed to read like: The company I currently work for used to use Frontpage to publish and maintain their website.
Since then the site became database driven and standards oriented so we don't use Frontpage anymore but Frontpage 2002 had no issues with running as a least privileged user.
I thought I currently worked for used to use Frontpage to build their website. We've grown leaps and bounds since then so we've moved but no one had any issues with Frontpage. Maybe old version like Frontpage 97? Not sure if that one would have the support that would be required.
As for games, what do they do that requires administrative access? Doom3 and Need for Speed Most Wanted Black Edition were the last two games I played and both were with limited accounts. Sd4hide was needed for NFS but Doom 3 worked just fine out of the box minus the generally craptacular performance the game offers anyways. Games usually keep their configurations in userspace. Generally it's only applications that will require administrative access or in some cases the case just has to be a member of remote-debuggers for instance which an installer could easily provide. You don't have to be logged is as an admin to install software plain and simple.
With that said I will stay everyone in this company runs as a non-privileged user and all works just fine. Same went with my the university I attended and my high school before that and my middle school before that. Granted, the middle school used Fortres Grand but hey, those were the good ole days. I will say that at one point at my current job we had an in-house application which did require Administrative privilegs to run because it was always making changes to the registry for random reasons along with access Windows system files that it didn't even need. We rebuilt the app and it is now web-based so the issue is completely gone and the users of it are now safely behind non-privileged accounts.
As for Vista, yes, earlier builds of Vista prompted you a hell of a lot more than Beta 2 did, and newer builds prompt you even less than that so yes, Microsoft is heading in the right direction with it.
As for Bungie I think you dramatically overestimate the reach of Microsoft. If Microsoft really bought them out and merged them into the company why would it still be called Bungie? Where else has Microsoft done this? They bought Virtual PC and now it is Microsoft Virtual PC not Connectix Virtual PC. Solomon? Navision? Both are now Microsoft products branded with Microsoft using Microsoft philosophy. Besides the whois registry for bungie.net you would have a hard time determining Microsoft is even involved with them. You don't see any Microsoft logos on their sight although you do see passport integration but that doesn't mean it's run by Microsoft. Sorry, but Bungie is owned by Microsoft, it is not run by Microsoft. Show evidence to the contrary and I will change my stance however, I could be completely wrong but I look at the evidence that I can see. Of course this doesn't mean that Microsoft couldn't influence the behaviors of Bungie but I imagine they are busy working on other things such as SQL 2005 and Exchange 2007. Neither of which are small projects. There is no question that Microsoft could utilize their resources much better than they do but they are a rather large company now and that is the natural way of things. IBM is exactly the same way.
You're right that Microsoft should be taking much more dramatic steps, the only problem is that people scream and yell whenever they make changes that break backwards compatibility. They are a victim of their own success. Part of the reason WinFS was removed from the mix is because software developers would have to fundimentally change how they create and install their product. Basically Microsoft needs to relearn how to take risks as that is what got them where they are in the first place.
I'll add one more question, what macro doesn't run as a limited user? I haven't found any although that doesn't mean they don't exist. Odds are a single group policy change to the whole domain would have fixed it for everybody or only a small group if you security is major concern.
I countered that Office runs just fine for users that are using regular functions such as grammer checking and most macros that perform functions work as designed. A non-admin shouldn't be allowed to perform admin functions and so macros that exist obviously they will break but this is expected and it is a rare occasion. In the 8 or 9 years I've been an admin I've never once seen someone running Office that needed admin access. Frontpage crashing? I totally ignored that because it's absurd in an of itself. Frontpage runs just fine, if it didn't it wouldn't crash it would give you an access denied message for whatever it is trying to do.
As for Bungie and the likes, they are owned by Microsoft, they are not however Microsoft. If that were the case you would see Bungie.net changing to Microsoft.com much like what happened when they bought Navision. Navision has been extended to include Microsoft philosophy because it's developers are now Microsoft employees. Go to the jobs section of Bungie.net and you'll see clearly that you're working for Bungie and not Microsoft.
As for the XP install you're right, the first user created is an Admin, in Vista this is not the case as thousands of people have already discovered from their downloading of a freely available OS.
Modularity is a side issue so I haven't bothered to go into depth about it. The average user would not do this but the average OEM would have an interest in it and the options exist for them to do it on a large scale so I fail to see the problem.
User conditioning is a problem, the second legitimate one you've raised. That is a major problem with Vista right now but it does get better and better with each released build so there is at least hope for it.
Running with limited privileges does indeed limit what malware can do. If the user isn't authorized to install software or drivers then the software the user loads from a website won't be able to install. It's plain and simple. This is why the machines I build for others always have them running as a limited user. Most games don't even require administrative privileges to run. Just the copyprotection stuff that sometimes goes out of bounds. This is mitigated with tricks like sd4hide but that's another discussion and is simply caused by third parties once again.
so yes, as a limited user the person could run a batch file that deletes all there personal files but anything more complex is unlikely to work. How many website exploits come with privilege escalation? You said yourself all the developers target machines with users running as admins. It is not a full solution to the problem but it is definitely a step in the proper direction.
First of all, I have installed XP and yes, it does indeed give me the option to create up to six users when I install. That is completely irrelevent however since the vast vast majority of Windows users will not be installing it and will have an OEM install it in which case it is exceedingly easy to create an unattended install script that creates a local least privilege user. I did exactly this for my entire family. I created an Install user which they use when they want to install software. Otherwise they go into their perspective accounts and do whatever they please. Exactly what Microsoft software doesn't run as a normal user? The registry is indeed shared but that in and of itself is not a problem since ACLs are built into it. That is why most software requires admin access because the installer put registry keys in a portion of the registry that a regular user would not have access to. There are other parts of the registry which the user would have access to so this is completely unnecessary.
You don't need to carefully pick your software you can change the permissions created or better yet, just install with runas instead of logging in as another user and then permissions will be setup correctly for that user. Of course that is assuming it is a sane installer which is a bad assumption. As I said, this is not an inherent design flaw, companies don't have to use the registry at all, there are plenty of locations the a limited user could save to without causing harm to the OS. It's simply unnecessary.
I will agree however that local tasks talking to network services but this has already been addressed in Vista. As for Windows being modular, you actually can pull IE and Windows Media player out, you actually can replace the tcp/ip stacks. Most any function you can rip out and replace with something else. This is often how XP Embedded people work but its not impossible or even that difficult with RIS and XP Pro or Windows 2003. I'm not sure yet how Vista is in this regard as I haven't tried to pull it pieces out yet.
As for bug fixes from my own personal experience creating simple web forms I can say that all bugs that are reported are not created equal. There are definitely oversights which have occurred but MS does indeed fix a good number of local and remote privilege escalation bugs. My WSUS server shows me new ones every now and again when I go through and do my patch testing. I think we should indeed be critical of their performance since so much of the world relies on it but I also think we need to recognize when progress has been made. Vista will not be perfect, it won't even be near it but will it do more harm than good? Judging from XP I'd bet it'll do more good than harm.
As for Microsoft marketing I think you are way off base with what users both home and business are looking for. Security is indeed a concern but it is by no means at the top of the least. Manageability, performance, ease of use all are higher on the priority list for the vast majority of people out there. Yeah, they don't want to get bogged down by spyware but they don't see it as security, they don't care how or what, much like the pop-up blocker solutions many have tried. It doesn't get rid of the spyware it only stops it from popping up in your face.
The XP w/SP2 firewall does however include ACL for program access to the Internet so you can stop anything you like. Java.exe popped up on my machine for instance when I installed Azureus. By default it didn't have access to the Internet so it prompted me for a decision. It's a step in the right direction although still obviously lacking a LaunchD type mechanism. It's XP however, so I don't really expect an OS that came out years ago to include features we're seeing released from Apple now. The real problem is that when Microsoft releases an OS it's almost always a feature and driver freeze so you get companies like Apple introducing new stuff into their current OS all the time and it obviously doesn't make Windows look very friendly. If Microsoft did what Apple/Linux Distro of your choice did and included the latest drivers with up to date releases of the OS there would probably be far viewer problems with installs and much more secure systems as a result of having been properly patched.
How on earth can it be that people running as Administrator all the time is the fault of MS? MS hasn't required it for almost a decade since the launch of NT4. Hell, I do believe even earlier iterations of NT still had the runas option. Users running as Administrators is simply not the fault of MS as evidenced my the thousands of people in corporate offices that run their computers without admin access all the time. If 3rd parties created better installers which didn't put information where it doesn't belong then the issue would be long gone. It is not in any way shape or form a design problem.
The basic services by default is a valid gripe but I haven't heard of many privilege escalation bugs in Windows that wasn't the result of a service being given more access than it needs. I'll add that the service caused the problem not any inherent design issues with Windows.
As for smalls tools being implemented in OS X I think you missed my point. It's not only the number of services but the fact that the underlying services being employed are not new, are time tested, and open many are open source. As a result the tools the OS is relying on are much safer. This is the approach I was saying makes a very real difference. Windows is actually fairly modular as well but the services that are employed are new and not publically reviewed.
As for LaunchD, I already said it's an intriguing idea and I'll add that it is a step in the right direction.
I do not think that being BSD based makes OS X inherently secure however since the OS is only as secure as the services that run on it. Think iTunes remote code vulernabilities. There have been a few of them. Microsoft also does fix bugs, with all the patches out its complete absurdity to state otherwise. Yes there are still a lot of unfixed bugs and yes they need to step up this process but they aren't just sitting around doing nothing.
They only need your name on an IM network. Then they can set traps for you. They don't need to identity you right away. Just pretend they are kid and wait for the creep to pounce on you. From there you can show him some pictures on your website which will of course capture the IP address of his machine at the time. Being still in the conversation that leaves ample time to get personal information from the ISP of the predator in question.
At first I thought this was a terrible idea because of possible abuse but then I realized that you're not allow to waste police time and resources so hitting the abuse button is something you only do when you're sure. The problem is defining when you're sure and when you're wasting time of law enforcement.
The biggest problem with this whole issue is that there are hypocrites on both sides. Much like the Isreali rest of the middle east bullshit. When both sides do wrong it becomes hard to hammer out the issue at hand.
This is a remarkable advancement, personally I see nothing wrong with harvesting stem cells from fetuses that are going to be discarded anyways but this does allow them to collect stem cells on a much larger scale since any pregnant woman could potentially donate. That could help on a massive scale and I wonder if having a larger sample will reveal a lot more information about how stem cells work. Controlling the growth rate is quite difficult as I understand a lot of stem cells have a nasty habit of turning cancerous. It's always hard being on the edge of something which could potentially have a greater impact on modern medicine than penicillin. There are also a lot of cultural ramifications that need to be worked out.
One thing is certain, cheers to these guys for this advancement. This is one advancement that does satisfy both sides without either one of them having comprimise. I only wish office politics worked out so well.
BTW, thank you for pointing out this distinction, it was the first thing that struck me about it. It seems like everyone is saying Windows is insecure because processes always run as Local Service or whatnot when the reality is that they can run as whatever user the installer would like. Seems like they are talking about third parties being the weakness.
Both platforms are subject to local privilege escalation. LaunchD does sound intriguing and I'll also add the bit about open source documentation. For the big projects like Apache yes, it is very well documented but for many of the smaller more recents apps the documentation is so poor a lot of people cry to Microsoft for a solution. One thing is for certain, the OS world as a whole has come a long way from the early days when security wasn't near a priority because few people were on the Internet.
I think the biggest component which serves to assist OS X with security is the fact that is is pluggable, features can be removed and added at will. This is the part that Unix brought to the table for Apple and this is the strength. Keep things modular and its all good.
Sorry, I just had to! Flying Car for sale
You're right though, there is no free lunch and certainly no free energy. Let's not rule out that there are other ways to convert energy into electricity that we haven't discovered yet. I don't think these guys have done it but I'd still like someone of more science background than I to evaluate on its technical merits.
I think the big issue is their wording for "Free Energy" which pretty much totally discredits their findings but the possibility exists that someone that isn't very educated may have found something new totally on accident. This does happen and just because they can't describe it properly doesn't mean that it didn't happen. All the more reason for others to review the data and reproduce the results.
I suppose that makes sense, it's just frustrating having to make a web service that writes to two different databases or investing in a 3rd party solution to get the job done. Of course the whole thing could be done with a DTS but the SQL server that is my end-point is on the Internet and as a rule it has no access to anything at the local office. DTS would change that.
This was my major gripe with SBS as well until I saw the transition pack which let's you remove the restrictions put in place on SBS and built our your infrastructure allowing you to move Exchange to another box and enabling domain trusts. I think the single most annoying problem I have with SBS is the fact you can't have domain trusts. It's just really frustrating. At least MS gives you the option though even if the price tag is a little up there but when you're ready to build out your infracture the 3grand for the transition pack isn't so bad considering what you get. My only issue with it now is that it only comes with SQL Standard edition so there is no Oracle replication options. I don't know why Oracle replication suddenly qualifies a software for enterprise class. It's really annoying and potentially very expensive if you don't know what you're getting into. Course most people that buy SBS probably won't run into the issues I've had with it.
Good point although I tend to think the issue would cause less problems if political parties were prohibited by law. Funding could be federal ensuring that anyone with enough signatures could receive the same level of funding as anyone else running for office. There would be a set amount of money for the express purpose of campaigning and that money would be equally distributed to the citizens running for office. It would make for a much more honest government I would think.
I am glad that there are others on here that care about the constitution. It's kind of scary how many people either have a complete misunderstanding as to what the constitution is and the others that are completely apathetic about the expansion of powers. If Bush wants to do warrantless wiretaps then he can put forth a constitution ammendment and it will be voted on.
Very well phrased since the constitution grants rights to the government not to the people. By default the people have every right to do as they please as long as it does not violete the freedom of another person. I'm tired of people using the nothing to hide no problem logic. These same people could potentially have a drug problem exposed to the public with such policies in place. I agree with you, if the government can't tell you why the need the information then they have no business collecting it. The mechanisms should definitely be in place to gather the information but this shouldn't have without a warrant. If a judge grants it after the fact that's even fine since I recognize sometimes time constraints are the biggest concern. If the judge doesn't grant the warrant then the data should be destroyed however.
Coincentally a policy like that would reduce the increased demand on storage for the government lowing their operating costs. Seems like a good deal to me, maybe another tax cut in the future! Yeah right, oh well
Thank you for pointing that out but beyond that the constitution doesn't say what the government can't do. It says what the government can do. This warrantless wiretapping is not in there so it shouldn't be done as it is against the constitution. This concept seems to be lost on most people. I'm with Mr Franklin and his statement about those who give up liberty for security deserve neither. Many people have died to protect the rights we've established and I'm completely amazed how much they are slipping so fast. Fortunately the checks and balances are still there so the damage is reversable.
First redirection combined with Shadow Copies for the low end and DPM for the high end are great in this environment with automatic versioning on the cheap. DPM is a very efficient use of the storage space. I thought about something like WinInstall initially but then I got a massive increase in funding to expand another 10tb to the SAN along with enough software to make the whole deal work seamlessly. I'm only about half way through my implementation but it's looking great. I love the new DFS with R2. It takes a page from the rsync playbook only transferring what has changed inside of a given file. Provides for a marked improvement in performance.
You're right about vbscripts though. About 6 years ago I wrote a vbscript that would talk to a database to grab configurations and write to the registry. Was pretty slick and worked with mandatory profiles. Not really needed anymore but it was a fun project.
This is not a bad approach at all, it's a more generic approach since it could work with Windows just as easily as it would with Linux. Of course the assumption is still that you would use a Linux host OS but I don't see a problem with that since the odds are no users would ever be using the host OS.
Unfortunately I lack the experience to create network load balancing on linux file servers although I imagine that's a trip to LDP or Experts-Exchange away. Just seems like distribution and scaling is just plain easier with Windows. Doesn't really matter, can be done with either platform with technologies that have already been in place for a while so there's very little guess work.
4GB images over a gigabit link wouldn't take that long to transfer. The obvious bottleneck is network connection for the servers. This is mitigated with 10gigabit links on the servers but now the price of the setup is getting more and more expensive. Still not unreasonable though since you can get 10gigabit modules for all the modular HP procurve switches out there for less than you probably think. I know it shocked me but I went all HP because Ciscos are needlessly expensive and don't provide me any additional features I think are worthwhile expecially considering how much Cisco charges for 10gigabit links.
20+ people simultaneously pulling 4 gigs is a large draw, that's a given. With DFS and NLB the load could be distributed quite easily however.
In regards to the HAL issue Windows isn't as bad as a lot of people think. The issue is with the boot device and it has the same vulernability as Linux. Both will default to the first disk with an MBR so I think for the most part it's not a huge problem. Since we're talking about a corporate setting activation doesn't apply so that wouldn't be an issue either.
Of course the solution that others has suggested works too, stagger the boot up process. If power requirements aren't a huge limitation then machines only need to be reboot when updates occur to the VM. At worst this would be once a week so you could do different groups of machines on different days. That would ease the distribution load. I don't know how large a setting this is but other posters also mentioned storing the images locally and pushing updates as necessary. That would also solve the bandwidth problem.